質問編集履歴
4
Certbot削除⇒再度Certbot導入時の挙動の追記,ドメイン入力があっているか,Document root情報の付記
test
CHANGED
File without changes
|
test
CHANGED
@@ -256,7 +256,7 @@
|
|
256
256
|
|
257
257
|
|
258
258
|
|
259
|
-
2018/08/15 追記:
|
259
|
+
2018/08/15 追記1:
|
260
260
|
|
261
261
|
先ほど追記点としてCertbotのエラーログについて再度実行して取得するという形でログを掲載しましたが,
|
262
262
|
|
@@ -276,6 +276,176 @@
|
|
276
276
|
|
277
277
|
|
278
278
|
|
279
|
+
2018/08/15 追記2:
|
280
|
+
|
281
|
+
Certbotを消しただけではやはりapache2は再起動できず.(どこか.confファイルを手動で書き直す必要か)
|
282
|
+
|
283
|
+
念のため:Certbot削除⇒Certbot導入時に出たログの確認
|
284
|
+
|
285
|
+
メールアドレスが聞かれただけで再導入時と導入時で特にログに違いはなさそう
|
286
|
+
|
287
|
+
また,ドメイン,ドキュメントルートの記法が違うかもと思い一応情報を記す
|
288
|
+
|
289
|
+
WordPressのルートがvar/wwwだから大丈夫だと思っているけど心配なので
|
290
|
+
|
291
|
+
|
292
|
+
|
293
|
+
以下それぞれ
|
294
|
+
|
295
|
+
mydns.jpで登録してる様子,apache2.confのドキュメントルートの記述箇所,
|
296
|
+
|
297
|
+
Certbot再導入時のログ
|
298
|
+
|
299
|
+
![イメージ説明](473df3eee03c4e521cca13ba6895fc89.png)
|
300
|
+
|
301
|
+
```
|
302
|
+
|
303
|
+
# Sets the default security model of the Apache2 HTTPD server. It does
|
304
|
+
|
305
|
+
# not allow access to the root filesystem outside of /usr/share and /var/www.
|
306
|
+
|
307
|
+
# The former is used by web applications packaged in Debian,
|
308
|
+
|
309
|
+
# the latter may be used for local directories served by the web server. If
|
310
|
+
|
311
|
+
# your system is serving content from a sub-directory in /srv you must allow
|
312
|
+
|
313
|
+
# access here, or in any related virtual host.
|
314
|
+
|
315
|
+
<Directory />
|
316
|
+
|
317
|
+
Options FollowSymLinks
|
318
|
+
|
319
|
+
AllowOverride None
|
320
|
+
|
321
|
+
Require all denied
|
322
|
+
|
323
|
+
</Directory>
|
324
|
+
|
325
|
+
|
326
|
+
|
327
|
+
<Directory /usr/share>
|
328
|
+
|
329
|
+
AllowOverride None
|
330
|
+
|
331
|
+
Require all granted
|
332
|
+
|
333
|
+
</Directory>
|
334
|
+
|
335
|
+
|
336
|
+
|
337
|
+
<Directory /var/www/> (ココ)
|
338
|
+
|
339
|
+
Options Indexes FollowSymLinks
|
340
|
+
|
341
|
+
AllowOverride None
|
342
|
+
|
343
|
+
Require all granted
|
344
|
+
|
345
|
+
#AddHandler .php
|
346
|
+
|
347
|
+
</Directory>
|
348
|
+
|
349
|
+
|
350
|
+
|
351
|
+
#<Directory /srv/>
|
352
|
+
|
353
|
+
# Options Indexes FollowSymLinks
|
354
|
+
|
355
|
+
# AllowOverride None
|
356
|
+
|
357
|
+
# Require all granted
|
358
|
+
|
359
|
+
#</Directory>
|
360
|
+
|
361
|
+
```
|
362
|
+
|
363
|
+
|
364
|
+
|
365
|
+
```
|
366
|
+
|
367
|
+
root@raspi:/home/pi# certbot certonly --webroot -w /var/www/ -d raspberrypi422.mydns.jp
|
368
|
+
|
369
|
+
|
370
|
+
|
371
|
+
Saving debug log to /var/log/letsencrypt/letsencrypt.log
|
372
|
+
|
373
|
+
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
|
374
|
+
|
375
|
+
cancel):kang.dream.123456789@gmail.com
|
376
|
+
|
377
|
+
|
378
|
+
|
379
|
+
-------------------------------------------------------------------------------
|
380
|
+
|
381
|
+
Please read the Terms of Service at
|
382
|
+
|
383
|
+
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
|
384
|
+
|
385
|
+
agree in order to register with the ACME server at
|
386
|
+
|
387
|
+
https://acme-v01.api.letsencrypt.org/directory
|
388
|
+
|
389
|
+
-------------------------------------------------------------------------------
|
390
|
+
|
391
|
+
(A)gree/(C)ancel: a
|
392
|
+
|
393
|
+
Obtaining a new certificate
|
394
|
+
|
395
|
+
Performing the following challenges:
|
396
|
+
|
397
|
+
http-01 challenge for raspberrypi422.mydns.jp
|
398
|
+
|
399
|
+
Using the webroot path /var/www for all unmatched domains.
|
400
|
+
|
401
|
+
Waiting for verification...
|
402
|
+
|
403
|
+
Cleaning up challenges
|
404
|
+
|
405
|
+
Failed authorization procedure. raspberrypi422.mydns.jp (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://raspberrypi422.mydns.jp/.well-known/acme-challenge/UFuQsEmfmFEnHAMm8jQS5sMF7ZjEH9Y-qXDZJJ3HH24: Connection refused
|
406
|
+
|
407
|
+
|
408
|
+
|
409
|
+
IMPORTANT NOTES:
|
410
|
+
|
411
|
+
- If you lose your account credentials, you can recover through
|
412
|
+
|
413
|
+
e-mails sent to ??????????(適当なメールアドレス)
|
414
|
+
|
415
|
+
The following errors were reported by the server:
|
416
|
+
|
417
|
+
|
418
|
+
|
419
|
+
Domain: raspberrypi422.mydns.jp
|
420
|
+
|
421
|
+
Type: connection
|
422
|
+
|
423
|
+
Detail: Fetching
|
424
|
+
|
425
|
+
http://raspberrypi422.mydns.jp/.well-known/acme-challenge/UFuQsEmfmFEnHAMm8jQS5sMF7ZjEH9Y-qXDZJJ3HH24:
|
426
|
+
|
427
|
+
Connection refused
|
428
|
+
|
429
|
+
|
430
|
+
|
431
|
+
To fix these errors, please make sure that your domain name was
|
432
|
+
|
433
|
+
entered correctly and the DNS A record(s) for that domain
|
434
|
+
|
435
|
+
contain(s) the right IP address. Additionally, please check that
|
436
|
+
|
437
|
+
your computer has a publicly routable IP address and that no
|
438
|
+
|
439
|
+
firewalls are preventing the server from communicating with the
|
440
|
+
|
441
|
+
client. If you're using the webroot plugin, you should also verify
|
442
|
+
|
443
|
+
that you are serving files from the webroot path you provided.
|
444
|
+
|
445
|
+
```
|
446
|
+
|
447
|
+
何度も何度も編集して申し訳ない...;;
|
448
|
+
|
279
449
|
|
280
450
|
|
281
451
|
### 補足情報(FW/ツールのバージョンなど)
|
3
無意味なエラーログの削除,方針の転換案
test
CHANGED
File without changes
|
test
CHANGED
@@ -258,79 +258,21 @@
|
|
258
258
|
|
259
259
|
2018/08/15 追記:
|
260
260
|
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
|
269
|
-
|
270
|
-
|
271
|
-
|
272
|
-
|
273
|
-
|
274
|
-
|
275
|
-
|
276
|
-
|
277
|
-
root@raspi:/home/pi# certbot certonly --webroot -w /var/www/ -d raspberrypi422.mydns.jp
|
278
|
-
|
279
|
-
|
280
|
-
|
281
|
-
Saving debug log to /var/log/letsencrypt/letsencrypt.log
|
282
|
-
|
283
|
-
Obtaining a new certificate
|
284
|
-
|
285
|
-
Performing the following challenges:
|
286
|
-
|
287
|
-
http-01 challenge for raspberrypi422.mydns.jp
|
288
|
-
|
289
|
-
Using the webroot path /var/www for all unmatched domains.
|
290
|
-
|
291
|
-
Waiting for verification...
|
292
|
-
|
293
|
-
Cleaning up challenges
|
294
|
-
|
295
|
-
Failed authorization procedure. raspberrypi422.mydns.jp (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://raspberrypi422.mydns.jp/.well-known/acme-challenge/lTWzpTSklOeodzW2oWJYmad0VAUvQ_XGuNGlCMTf9Go: Connection refused
|
296
|
-
|
297
|
-
|
298
|
-
|
299
|
-
IMPORTANT NOTES:
|
300
|
-
|
301
|
-
- The following errors were reported by the server:
|
302
|
-
|
303
|
-
|
304
|
-
|
305
|
-
Domain: raspberrypi422.mydns.jp
|
306
|
-
|
307
|
-
Type: connection
|
308
|
-
|
309
|
-
Detail: Fetching
|
310
|
-
|
311
|
-
http://raspberrypi422.mydns.jp/.well-known/acme-challenge/lTWzpTSklOeodzW2oWJYmad0VAUvQ_XGuNGlCMTf9Go:
|
312
|
-
|
313
|
-
Connection refused
|
314
|
-
|
315
|
-
|
316
|
-
|
317
|
-
To fix these errors, please make sure that your domain name was
|
318
|
-
|
319
|
-
entered correctly and the DNS A record(s) for that domain
|
320
|
-
|
321
|
-
contain(s) the right IP address. Additionally, please check that
|
322
|
-
|
323
|
-
your computer has a publicly routable IP address and that no
|
324
|
-
|
325
|
-
firewalls are preventing the server from communicating with the
|
326
|
-
|
327
|
-
client. If you're using the webroot plugin, you should also verify
|
328
|
-
|
329
|
-
that you are serving files from the webroot path you provided.
|
330
|
-
|
331
|
-
```
|
332
|
-
|
333
|
-
|
261
|
+
先ほど追記点としてCertbotのエラーログについて再度実行して取得するという形でログを掲載しましたが,
|
262
|
+
|
263
|
+
・昨日実行時は確認メールアドレスまで聞かれたので明らかに今日のとログ内容が違う
|
264
|
+
|
265
|
+
・そもそも再度実行して得られたログに意味があるか?
|
266
|
+
|
267
|
+
という理由から削除しました.
|
268
|
+
|
269
|
+
|
270
|
+
|
271
|
+
SSLなど詳しくなく,前回のCertbotのログも流れてしまっているので
|
272
|
+
|
273
|
+
一旦CertBotを削除して,apache2の設定ファイルも手動で書き直し,
|
274
|
+
|
275
|
+
まずはApache2自体が以前と同じように動くようにしたほうがいいんでしょうか...
|
334
276
|
|
335
277
|
|
336
278
|
|
2
先ほどの編集で書きそびれていたことの追記
test
CHANGED
File without changes
|
test
CHANGED
@@ -262,9 +262,13 @@
|
|
262
262
|
|
263
263
|
※raspberrypi422.mydns.jp 私がhttp://www.mydns.jp/で取得したdomain
|
264
264
|
|
265
|
+
※domainの書き方がいけない...?感じかと思ったのでmydnsにはこう書いてありますよという画像を添えておきます
|
266
|
+
|
267
|
+
※Wordpressはvar/www/にインストールされています
|
268
|
+
|
265
269
|
![イメージ説明](cbaf6e8e07356c67dbf383761925f632.png)
|
266
270
|
|
267
|
-
|
271
|
+
|
268
272
|
|
269
273
|
|
270
274
|
|
1
指摘されたCertbotについて 導入でエラーが発生してそうだったので再度コマンドを入力してログの掲載,domainの書き方が悪かったかなと思いサイトに取る臆されている情報も問題がない範囲で添えました
test
CHANGED
File without changes
|
test
CHANGED
@@ -256,6 +256,82 @@
|
|
256
256
|
|
257
257
|
|
258
258
|
|
259
|
+
2018/08/15 追記:
|
260
|
+
|
261
|
+
指摘されて気になったのでCertbotのコマンドについてもういちど実行しエラーログを取得してきました
|
262
|
+
|
263
|
+
※raspberrypi422.mydns.jp 私がhttp://www.mydns.jp/で取得したdomain
|
264
|
+
|
265
|
+
![イメージ説明](cbaf6e8e07356c67dbf383761925f632.png)
|
266
|
+
|
267
|
+
※domainの書き方がいけない...?感じかと思ったのでmydnsにはこう書いてありますよという画像を添えておきます
|
268
|
+
|
269
|
+
|
270
|
+
|
271
|
+
```
|
272
|
+
|
273
|
+
root@raspi:/home/pi# certbot certonly --webroot -w /var/www/ -d raspberrypi422.mydns.jp
|
274
|
+
|
275
|
+
|
276
|
+
|
277
|
+
Saving debug log to /var/log/letsencrypt/letsencrypt.log
|
278
|
+
|
279
|
+
Obtaining a new certificate
|
280
|
+
|
281
|
+
Performing the following challenges:
|
282
|
+
|
283
|
+
http-01 challenge for raspberrypi422.mydns.jp
|
284
|
+
|
285
|
+
Using the webroot path /var/www for all unmatched domains.
|
286
|
+
|
287
|
+
Waiting for verification...
|
288
|
+
|
289
|
+
Cleaning up challenges
|
290
|
+
|
291
|
+
Failed authorization procedure. raspberrypi422.mydns.jp (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://raspberrypi422.mydns.jp/.well-known/acme-challenge/lTWzpTSklOeodzW2oWJYmad0VAUvQ_XGuNGlCMTf9Go: Connection refused
|
292
|
+
|
293
|
+
|
294
|
+
|
295
|
+
IMPORTANT NOTES:
|
296
|
+
|
297
|
+
- The following errors were reported by the server:
|
298
|
+
|
299
|
+
|
300
|
+
|
301
|
+
Domain: raspberrypi422.mydns.jp
|
302
|
+
|
303
|
+
Type: connection
|
304
|
+
|
305
|
+
Detail: Fetching
|
306
|
+
|
307
|
+
http://raspberrypi422.mydns.jp/.well-known/acme-challenge/lTWzpTSklOeodzW2oWJYmad0VAUvQ_XGuNGlCMTf9Go:
|
308
|
+
|
309
|
+
Connection refused
|
310
|
+
|
311
|
+
|
312
|
+
|
313
|
+
To fix these errors, please make sure that your domain name was
|
314
|
+
|
315
|
+
entered correctly and the DNS A record(s) for that domain
|
316
|
+
|
317
|
+
contain(s) the right IP address. Additionally, please check that
|
318
|
+
|
319
|
+
your computer has a publicly routable IP address and that no
|
320
|
+
|
321
|
+
firewalls are preventing the server from communicating with the
|
322
|
+
|
323
|
+
client. If you're using the webroot plugin, you should also verify
|
324
|
+
|
325
|
+
that you are serving files from the webroot path you provided.
|
326
|
+
|
327
|
+
```
|
328
|
+
|
329
|
+
|
330
|
+
|
331
|
+
|
332
|
+
|
333
|
+
|
334
|
+
|
259
335
|
### 補足情報(FW/ツールのバージョンなど)
|
260
336
|
|
261
337
|
・debian ver 9.4
|